CVE-2023-39978 — Missing Release of Memory after Effective Lifetime in Imagemagick

Severity

3.3LOWNVD

EPSS

0.0%

top 89.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedAug 8

Description

ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Also affects: Fedora 37

GHSA

GHSA-j6x7-7g72-8ww2: ImageMagick before 6↗2023-08-08

▶

OSV

CVE-2023-39978: ImageMagick before 6↗2023-08-08

▶

Red Hat

ImageMagick: Memory leak in Magick::Draw↗2023-08-08

▶

Debian

CVE-2023-39978: imagemagick - ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memo...↗2023

▶